We use Mcafee on all computers in the city which is around 300. One of the tools we use when we are not sure that Mcafee has done a perfect job is Combofix. For a reason unknown, Combofix is now seen as a threat and blocked by Mcafee.

Is there a way I can put an exception in the EPO so the agent can push instructions to let it work?

Cool, you got it narrowed down so now all you need to do is create the exception for it to prevent OAS from blocking it.

Within ePO, go to Menu > Policy > Policy Catalog

Then dropdown the Product for VirusScan Enterprise 8.8.0

From here you need to find the policy that is applied to the machines system tree node. This depends on how you have OAS setup also; whether your using one default processes policy, or if your categorizing them into high/low/default and using multiple policies. Figure out which one you are using.

Then from there, just open the policy, click the "exclusions" tab, change the "setting for" for either a workstation or server, and then drop the Combofix directory or file into that location.

I found the information. Thank you fitch. There is one that is intriguing me.

here is the box to add a new exclusion. I took a look at the other exceptions and they point to a certain type of files (.pst in that case) or a specific folder. How can I specify a single file called Combofix.exe?

I've logged in my virtual machine that does not have any antivirus so i was able to download combofix. I copied the file on the server and woof! he was removed on the server by a question of seconds. I wanted to start it to see if the antivirus would accept it after the download but better luck next time for me!